package com.echoplots.security.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.echoplots.security.handler.SysAuthenticationFailureHandler;
import com.echoplots.security.handler.SysAuthenticationSucessHandler;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Autowired
    private SysAuthenticationSucessHandler authenticationSucessHandler;
	
	@Autowired
    private SysAuthenticationFailureHandler authenticationFailureHandler;
	
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin() // 表单方式,2.0默认方式
        //http.httpBasic()	//HTTP Basic的认证方式
		        .loginPage("/authentication/require") 
		        .loginProcessingUrl("/login")
		        .successHandler(authenticationSucessHandler) // 处理登录成功
		        .failureHandler(authenticationFailureHandler)//处理登录失败
		        .and()
		        .authorizeRequests() // 授权配置
		        .antMatchers("/login.html","/authentication/require").permitAll()
                .anyRequest()  // 所有请求
                .authenticated()// 都需要认证
                .and().csrf().disable(); //csrf攻击关闭
    }
    
    
    
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
